Hardik Bhatt, CIO, City of Chicago

Public Enterprise, Private Data

Government systems provide access to online applications without giving away the keys to the kingdom

The City of Granbury, Texas, may be small, but when it comes to ensuring IT security, it sees the big picture. "We have only a few hundred users, but our IT security architecture is sized for a big city and can scale to more than 10,000 users," says Anthony Tull, Granbury's director of IT.

That may seem like overkill for a municipality with 6,000 residents, but it's prudent planning: Granbury is deploying a WiFi network that will soon cover 26 square kilometers. The city will use the network for emergency services, building inspections, automated meter readings, and public broadband access-all of which will require progressive IT security.

Granbury's mobile aspirations aren't unique. Across the globe, hundreds of cities and towns are deploying public broadband networks, according to MuniWireless.com, a Web site that tracks such deployments. In the United States alone, spending on e-government applications will reach US$6 billion by 2009, up from US$4 billion in 2004, according to INPUT, a market research firm in Reston, Virginia. Worldwide use of online government services has reached 31 percent of adults, according to a survey of 32 countries by Taylor Nelson Sofres, a market research firm. Surging demand for e-government systems has forced CIOs to evaluate their overall security architectures.

"These new city WiFi networks have the greatest security risks during their pilot stage, when they are offered for free without control over who has access to them," says Adomas Svirskas, a security researcher at Institut Eurecom in France. "As these networks undergo transition to commercial service levels, the security measures normally increase and chances of malicious actions decrease."

"Security is the first topic everyone wants to know about whenever you're talking about expanding your network or deploying a new application," asserts Hardik Bhatt, CIO for the City of Chicago, Illinois.

In the fall of 2006, Chicago issued a request for procurement to deploy a citywide WiFi network. Although Chicago is still considering the RFP submissions it received in early 2007, the city has outlined some basic parameters for security. For starters, all city-operated applications will sit behind a firewall. Mobile municipal employees and contractors will require virtual private network (VPN) software to access the applications. "It's too early to describe how we'll educate the public about security," says Bhatt. "But we've made a few things clear to the vendors and the service provider community that replied to the request for proposal. They'll need to make sure they find proactive ways to educate the community about potential vulnerabilities and security issues related to public broadband networks."

Other IT projects with key security components are also moving forward in Chicago. Bhatt constantly scours the market for ways to strengthen the city's defenses. In recent months, he has allocated more money for penetration testing and ethical hacking against the city's network. "We've increased the number of penetration tests and the amount of ethical hacking we've done to make sure someone else doesn't get in," he says. "We now have our systems 'attacked' by ethical hackers multiple times a year. Once we see the results of those tests, we adjust our security strategy accordingly."